Quantitative Analysis of Opacity in Cloud Computing Systems

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Federated cloud systems increase the reliability and reduce the cost of the computational support. The resulting combination of secure private clouds and less secure public clouds, together with the fact that resources need to be located within different clouds, strongly affects the information flow security of the entire system. In this paper, the clouds as well as entities of a federated cloud system are assigned security levels, and a probabilistic flow sensitive security model for a federated cloud system is proposed. Then the notion of opacity --- a notion capturing the security of information flow --- of a cloud computing systems is introduced, and different variants of quantitative analysis of opacity are presented. As a result, one can track the information flow in a cloud system, and analyze the impact of different resource allocation strategies by quantifying the corresponding opacity characteristics

Measuring information security breach impact and uncertainties under various information sharing scenarios

This study draws on information theory and aims to provide simulated evidence using real historical and statistical data to demonstrate how various levels of integration moderate the impact and uncertainties of information security breach on supply chain performance. We find that the supply chain behaves differently under various levels of integration when a security breach occurs. The entropy analysis revealed that the wholesaler experience the most uncertainty under system failure and data corruption. This sort of impact-uncertainty information will aid in designing and managing a resilient supply chain poised for minimal breach impact

A Comparative Usability Study of Two-Factor Authentication

Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces non-negligible costs for service providers and requires users to carry out additional actions during the authentication process. In this paper, we present an exploratory comparative study of the usability of 2F technologies. First, we conduct a pre-study interview to identify popular technologies as well as contexts and motivations in which they are used. We then present the results of a quantitative study based on a survey completed by 219 Mechanical Turk users, aiming to measure the usability of three popular 2F solutions: codes generated by security tokens, one-time PINs received via email or SMS, and dedicated smartphone apps (e.g., Google Authenticator). We record contexts and motivations, and study their impact on perceived usability. We find that 2F technologies are overall perceived as usable, regardless of motivation and/or context of use. We also present an exploratory factor analysis, highlighting that three metrics -- ease-of-use, required cognitive efforts, and trustworthiness -- are enough to capture key factors affecting 2F usability.Comment: A preliminary version of this paper appears in USEC 201

Development of a Methodology for the Economic Assessment of Managerial Decisions as a Factor of Increased Economic Security

The article notes that the emergence of such a phenomenon as the interdependence of security and development, the so-called security-development nexus, becomes a determinant during the development of strategic documents at all hierarchical levels. It gives relevance to the search for methodological solutions that would on a strategic level take into account any potential threats to economic security, and on a tactical level provide for pragmatic actions that are not in conflict with the strategic development vector of business entities. The authors identify the instability factors that pose a real threat to economic security. They substantiate the expediency of forming a new model of the national economy development with a focal point on new industrialization. The article factors in the most important trends in the development of the global economy that determine the strategic vector of enhancing the economic security in Russia. It is ascertained that in the conditions of new industrialization, the intellectual core of the high-tech economy sector is formed by convergent technologies (NBICS technologies). The authors offer a methodological approach to the economic assessment of managerial decisions in the context of uncertainty. They also identify methodological principles that must be taken into account in developing a modern methodology for the economic assessment of business decisions. The principles include forming a preferred reality, or the so-called “vision of the future,” the priority of network solutions as the basis for the formation of new markets; mass customization and individualization of demands, principal changes in the profile of competences that ensure competitiveness on the labor market, use of the ideology of inclusive development and impact investment that creates common values. The proposed methodology is based on the optimum combination of traditional methods used for the economic assessment of managerial decisions with the method of real options and reflexive assessments with regard to entropy as a measure of uncertainty. The proposed methodological approach has been tested in respect of the Ural mining and metallurgical complex.The article has been prepared with the support of the grant from the Russian Foundation for Basic Research № 16–06–00403 "Modelling the Motivational Potentials of the Multi-subject Industrial Policy in the Context of New Industrialization"